Biz & IT —

Microsoft to remove Sony’s DRM rootkit

Microsoft takes a stand in the debate over Sony's DRM rootkit.

Jason Grime from Microsoft's Anti-Malware Technology Team announced today that the company's Windows AntiSpyware product, currently in beta testing, will be enhanced to detect and remove Sony's rootkit-style Digital Rights Management software, known as XCP, that is installed with certain protected Sony audio CDs.

We use a set of objective criteria for both
Windows Defender and the Malicious Software Removal Tool to determine
what software will be classified for detection and removal by our
anti-malware technology. We have analyzed this software, and have
determined that in order to help protect our customers we will add a
detection and removal signature for the rootkit component of the XCP
software to the Windows AntiSpyware beta, which is currently used by
millions of users.

The new detection code will be released shortly, and will be automatically distributed to Windows AntiSpyware users as a part of regular reference file updates. In addition, Grime says Microsoft will add detection of XCP to the Windows Malicious Software Removal Tool in its December monthly update. This tool is delivered to customers via the company's Windows Update and Microsoft Update websites.

The rootkit was originally discovered by Mark Russinovich of Sysinternals last week. The discovery has led to widespread complaints from the user community and a number of lawsuits in the United States and internationally. Sony has since agreed to discontinue use of the rootkit and has begun cooperating with antivirus vendors for its removal from infected computers, but today's announcement mentions no collaboration between Sony and Microsoft for removal of the code.